Incidents involving malware or ransomware. In some cases, incidents called “ransomware” do not involve any locking but merely hack, exfiltrate, and attempt to extort.
Ars Technica reports on another concerning security issue involving DOGE: Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware, a strong indication that devices belonging to him have been hacked in recent years. Kyle Schutt […]
May 1, 2025. A press release from the U.S. Attorney’s Office for the Central District of California: LOS ANGELES – A Yemeni national was charged today in a three-count federal grand jury indictment alleging he deployed the so-called “Black Kingdom” ransomware against computer servers owned organizations worldwide, including businesses, schools, and hospitals in the United States, […]
Someone’s hitting big UK retail firms. First it was M&S, then Co-Op, and now it’s Harrod’s. BBC reports: The luxury department store Harrods says it is the latest retailer to have been targeted by a cyber attack. The firm said it had “restricted internet access at our sites” following an attempt to gain access to […]
Bleeping Computer reports: Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by a hacking collective known as “Scattered Spider” BleepingComputer has learned from multiple sources. Marks & Spencer (M&S) is a British multinational retailer that employs 64,000 employees and sells various products, including clothing, food, […]
TOI Tech Desk reports: A Russian-linked hacking group is reportedly exploiting two newly discovered zero-day vulnerabilities. Security researchers have warned that the Russian cybercrime group known as RomCom has been misusing these security flaws to target Firefox and Windows users in Europe and North America. These “zero-click” exploits, identified by security firm ESET, allowed hackers […]
Bleeping Computer reports: The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. DragonForce is now incentivizing ransomware actors with a distributed affiliate branding model, providing other ransomware-as-a-service (RaaS) operations a means to carry out their business without dealing with infrastructure maintenance cost and effort. […]
Forbes reports: The same criminal group behind the DOGE Big Balls ransomware attack has just upped the ante. A newly updated ransom note is now using Elon Musk and DOGE references with a demand for, are you sitting down, one trillion dollars from victims. Although there is no doubt that ransomware threats should be taken very seriously, […]
Forbes reports: Now, a new threat intelligence report has revealed how financially motivated Chinese cybercriminals are targeting government offices, the energy sector, factories, financial services, and, yes, hospitals across the globe. However, North America and the U.K. have been most attacked by the Ghost ransomware hackers. According to a new report from Rebecca Harpur at […]
Only days after news sites reported that RansomHub was collaborating with EvilCorp in developing its attacks, RansomHub appeared to have been the victim of a takeover by another group. Or perhaps it was just a merger? DragonForce recently posted an announcement on the RAMP cybercrime forum claiming that it had become partners with RansomHub. A […]
Defending Against UNC3944/Scattered Spider: Cybercrime Hardening Guidance from the Frontlines – Mandiant
Background UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. In early operations, UNC3944 largely targeted telecommunications-related organizations to support SIM swap operations. However, after shifting to ransomware and data theft extortion in early 2023, they impacted […]